
ftp: Use recog (fall back to regex) with the banner_version #21416

Open: g0tmi1k wants to merge 1 commit into rapid7:master from g0tmi1k:ftp_mixin


g0tmi1k (Contributor) commented May 6, 2026

This is from @cdelafuente-r7's feedback in #21380 (comment)

After

$ ./msfconsole -q -x 'db_status; workspace -D;
setg VERBOSE true; setg RHOSTS 10.0.0.10; setg LHOST tap0'
[*] Connected to msf. Connection type: postgresql.
[*] Deleted workspace: default
[*] Recreated the default workspace
VERBOSE => true
RHOSTS => 10.0.0.10
LHOST => tap0
msf > use ftp_anonymous

Matching Modules
================

   #  Name                                 Disclosure Date  Rank    Check  Description
   -  ----                                 ---------------  ----    -----  -----------
   0  auxiliary/scanner/ftp/ftp_anonymous  .                normal  No     Anonymous FTP Access Detection


Interact with a module by name or index. For example info 0, use 0 or use auxiliary/scanner/ftp/ftp_anonymous

[*] Using auxiliary/scanner/ftp/ftp_anonymous
msf auxiliary(scanner/ftp/ftp_anonymous) > run
[*] 10.0.0.10:21          - Testing write access, creating test directory: fzgzOlMG
[+] 10.0.0.10:21          - Anonymous Read-only access (vsFTPd 2.3.4)
[*] 10.0.0.10:21          - Listing directory contents
[*] 10.0.0.10:21          - Directory listing: (empty)
[*] 10.0.0.10:21          - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ftp/ftp_anonymous) >

Proof

$ git diff ./lib/msf/core/exploit/remote/ftp.rb
diff --git a/lib/msf/core/exploit/remote/ftp.rb b/lib/msf/core/exploit/remote/ftp.rb
index a2a8855f6d..15a2ca2da9 100644
--- a/lib/msf/core/exploit/remote/ftp.rb
+++ b/lib/msf/core/exploit/remote/ftp.rb
@@ -119,7 +119,7 @@ module Exploit::Remote::Ftp
   #
   def banner_version
    info = recog_banner
-   return [info['service.product'], info['service.version']].compact.join(' ') if info
+   return [info['service.product'], info['service.product'], info['service.version']].compact.join(' ') if info

     # 220 (vsFTPd 2.3.4)\x0d\x0a                                   -> vsFTPd 2.3.4
     # 220 ProFTPD 1.3.1 Server (Debian) [::ffff:10.0.0.10]\x0d\x0a -> ProFTPD 1.3.1 Server (Debian)
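
Review bot: The '+' line lists info['service.product'] twice, which is what produces the doubled "vsFTPd vsFTPd 2.3.4" in the run that follows; that is useful as proof that the recog branch is taken, but the duplicate entry must not land in the branch. On the same return line, the "if info" guard only checks that a match came back: if the match carries neither service.product nor service.version, compact.join(' ') yields an empty string and the method returns it instead of reaching the regex fallback described in the comments below. Consider building the joined string first and returning it only when it is non-empty.
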
$ ./msfconsole -q -x 'db_status; workspace -D;
setg VERBOSE true; setg RHOSTS 10.0.0.10; setg LHOST tap0; use ftp_anonymous; run'
[...]
[+] 10.0.0.10:21          - Anonymous Read-only access (vsFTPd vsFTPd 2.3.4)
[...]
msf auxiliary(scanner/ftp/ftp_anonymous) >

g0tmi1k force-pushed the ftp_mixin branch 2 times, most recently from cfba246 to d15b4b2, on May 6, 2026 16:27
Comment thread lib/msf/core/exploit/remote/ftp.rb Outdated
g0tmi1k (Contributor, Author) commented May 7, 2026

Thanks for the feedback @adfoster-r7 - Force-pushed with changes.
